|
 |
04161d |
From 53c6b01e8e3fd338d7f53e5ff817ef86f9efa852 Mon Sep 17 00:00:00 2001
|
|
|
04161d |
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
|
|
|
04161d |
Date: Wed, 11 Nov 2020 17:22:33 +0000
|
|
|
04161d |
Subject: [PATCH] ls: fix crash printing SELinux context for unstatable files
|
|
|
04161d |
|
|
|
04161d |
This crash was identified by Cyber Independent Testing Lab:
|
|
|
04161d |
https://cyber-itl.org/2020/10/28/citl-7000-defects.html
|
|
|
04161d |
and was introduced with commit v6.9.90-11-g4245876e2
|
|
|
04161d |
|
|
|
04161d |
* src/ls.c (gobble_file): Ensure scontext is initialized
|
|
|
04161d |
in the case where files are not statable.
|
|
|
04161d |
* tests/ls/selinux-segfault.sh: Renamed from proc-selinux-segfault.sh,
|
|
|
04161d |
and added test case for broken symlinks.
|
|
|
04161d |
* tests/local.mk: Adjust for the renamed test.
|
|
|
04161d |
|
|
|
04161d |
Upstream-commit: 6fc695cb4a26f09dfeef8b1c24895a707055334e
|
|
|
04161d |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
04161d |
---
|
|
|
04161d |
src/ls.c | 3 +++
|
|
|
04161d |
tests/local.mk | 2 +-
|
|
|
04161d |
.../{proc-selinux-segfault.sh => selinux-segfault.sh} | 10 ++++++++--
|
|
|
04161d |
3 files changed, 12 insertions(+), 3 deletions(-)
|
|
|
04161d |
rename tests/ls/{proc-selinux-segfault.sh => selinux-segfault.sh} (77%)
|
|
|
04161d |
|
|
|
04161d |
diff --git a/src/ls.c b/src/ls.c
|
|
|
04161d |
index 4acf5f4..8eb483d 100644
|
|
|
04161d |
--- a/src/ls.c
|
|
|
04161d |
+++ b/src/ls.c
|
|
|
04161d |
@@ -3412,6 +3412,9 @@ gobble_file (char const *name, enum filetype type, ino_t inode,
|
|
|
04161d |
provokes an exit status of 1. */
|
|
|
04161d |
file_failure (command_line_arg,
|
|
|
04161d |
_("cannot access %s"), full_name);
|
|
|
04161d |
+
|
|
|
04161d |
+ f->scontext = UNKNOWN_SECURITY_CONTEXT;
|
|
|
04161d |
+
|
|
|
04161d |
if (command_line_arg)
|
|
|
04161d |
return 0;
|
|
|
04161d |
|
|
|
04161d |
diff --git a/tests/local.mk b/tests/local.mk
|
|
|
04161d |
index 2aeff2b..2441fdc 100644
|
|
|
04161d |
--- a/tests/local.mk
|
|
|
04161d |
+++ b/tests/local.mk
|
|
|
04161d |
@@ -616,7 +616,7 @@ all_tests = \
|
|
|
04161d |
tests/ls/multihardlink.sh \
|
|
|
04161d |
tests/ls/no-arg.sh \
|
|
|
04161d |
tests/ls/no-cap.sh \
|
|
|
04161d |
- tests/ls/proc-selinux-segfault.sh \
|
|
|
04161d |
+ tests/ls/selinux-segfault.sh \
|
|
|
04161d |
tests/ls/quote-align.sh \
|
|
|
04161d |
tests/ls/readdir-mountpoint-inode.sh \
|
|
|
04161d |
tests/ls/recursive.sh \
|
|
|
04161d |
diff --git a/tests/ls/proc-selinux-segfault.sh b/tests/ls/selinux-segfault.sh
|
|
|
04161d |
similarity index 77%
|
|
|
04161d |
rename from tests/ls/proc-selinux-segfault.sh
|
|
|
04161d |
rename to tests/ls/selinux-segfault.sh
|
|
|
04161d |
index 831a00e..e2b7ef6 100755
|
|
|
04161d |
--- a/tests/ls/proc-selinux-segfault.sh
|
|
|
04161d |
+++ b/tests/ls/selinux-segfault.sh
|
|
|
04161d |
@@ -1,5 +1,5 @@
|
|
|
04161d |
#!/bin/sh
|
|
|
04161d |
-# ls -l /proc/sys would segfault when built against libselinux1 2.0.15-2+b1
|
|
|
04161d |
+# Ensure we don't segfault in selinux handling
|
|
|
04161d |
|
|
|
04161d |
# Copyright (C) 2008-2020 Free Software Foundation, Inc.
|
|
|
04161d |
|
|
|
04161d |
@@ -19,9 +19,15 @@
|
|
|
04161d |
. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
|
|
|
04161d |
print_ver_ ls
|
|
|
04161d |
|
|
|
04161d |
+# ls -l /proc/sys would segfault when built against libselinux1 2.0.15-2+b1
|
|
|
04161d |
f=/proc/sys
|
|
|
04161d |
test -r $f || f=.
|
|
|
04161d |
-
|
|
|
04161d |
ls -l $f > out || fail=1
|
|
|
04161d |
|
|
|
04161d |
+# ls <= 8.32 would segfault when printing
|
|
|
04161d |
+# the security context of broken symlink targets
|
|
|
04161d |
+mkdir sedir || framework_failure_
|
|
|
04161d |
+ln -sf missing sedir/broken || framework_failure_
|
|
|
04161d |
+returns_ 1 ls -L -R -Z -m sedir > out || fail=1
|
|
|
04161d |
+
|
|
|
04161d |
Exit $fail
|
|
|
04161d |
--
|
|
|
04161d |
2.26.2
|
|
|
04161d |
|